[HijackThis log] Virus doing all sorts of things, help!
Last reply: in Security
Hello,
I have a virus that I caught while playing Counter-Strike (yes, really), during the download of sounds, maps etc. from a server; those blighters put a virus inside. AntiVir detected it, but now it slows down my PC, changes my wallpaper, etc. I have a HijackThis log, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:01, on 22/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\explorer.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\conime.exe
D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Users\Altuner\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [recinfo] c:\recinfo\recinfo.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmes\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{25D04E0C-3424-4FDB-8825-B02E3888AA20}: NameServer = 86.64.145.142,84.103.237.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{25D04E0C-3424-4FDB-8825-B02E3888AA20}: NameServer = 86.64.145.142,84.103.237.142
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Google Update (gupdate1c99444803666e7) (gupdate1c99444803666e7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programmes\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 9480 bytes
ComboFix log:
ComboFix 09-02-21.01 - Altuner 2009-02-22 17:19:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2038.999 [GMT 1:00]
Lancé depuis: c:\users\Altuner\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
.
2009-02-22 11:53 . 2009-02-22 11:54 <REP> d-------- c:\users\Altuner\AppData\Roaming\inSpeak
2009-02-22 11:53 . 2009-02-22 11:53 <REP> d-------- c:\users\All Users\inSpeak
2009-02-22 11:53 . 2009-02-22 11:53 <REP> d-------- c:\programdata\inSpeak
2009-02-22 11:53 . 2009-02-22 11:53 <REP> d-------- c:\program files\inSpeak
2009-02-22 11:53 . 2003-07-16 00:36 168,960 --a------ c:\windows\System32\speex32.acm
2009-02-20 17:05 . 2009-02-20 17:05 <REP> d-------- c:\program files\Patch MsnCreative
2009-02-19 20:58 . 2009-02-19 21:08 <REP> d-------- c:\windows\ulead.dat
2009-02-19 20:58 . 2009-02-19 21:08 89 --a------ c:\windows\ulead32.ini
2009-02-19 20:58 . 2009-02-19 21:08 12 --ah----- c:\windows\uce.dat
2009-02-18 16:01 . 2009-02-18 16:01 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-18 15:06 . 2009-02-19 12:49 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-18 14:52 . 2009-02-18 14:55 <REP> d-------- c:\users\All Users\WebacamSurveyor
2009-02-18 14:52 . 2009-02-18 14:55 <REP> d-------- c:\programdata\WebacamSurveyor
2009-02-17 13:35 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-17 13:35 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-17 13:35 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-17 13:35 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-17 13:35 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-17 13:35 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-17 13:35 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-17 13:35 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-17 13:30 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-17 13:30 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-17 13:30 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-17 13:30 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-17 13:30 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-17 10:29 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-17 10:29 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-17 10:29 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-17 10:29 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-17 10:29 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-16 22:45 . 2009-02-16 22:45 <REP> d-------- c:\windows\Google Earth Pro 4.2
2009-02-15 00:23 . 2009-02-15 00:23 50 --a------ c:\windows\MegaManager.INI
2009-02-13 17:12 . 2009-02-13 17:14 <REP> d-------- c:\program files\Paint.NET
2009-02-13 12:49 . 2009-02-13 12:49 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-11 16:05 . 2009-02-11 16:05 243,712 --ah---t- C:\VAC2.dll
2009-02-11 16:00 . 2009-02-11 16:00 <REP> d-------- C:\GHCSS
2009-02-10 14:16 . 2009-02-10 14:16 <REP> d-------- c:\users\Altuner\AppData\Roaming\MessengerDiscovery 2
2009-02-10 12:21 . 2009-02-10 12:21 <REP> d-------- c:\windows\PaltalkScene
2009-02-10 12:21 . 2009-02-10 19:04 <REP> d-------- c:\users\Altuner\AppData\Roaming\Paltalk
2009-02-10 12:21 . 2009-02-10 12:22 <REP> d-------- c:\program files\Paltalk Messenger
2009-02-08 17:55 . 2009-02-08 17:55 <REP> d-------- c:\program files\Valve
2009-02-07 17:26 . 2009-02-07 17:26 <REP> d-------- c:\users\Altuner\AppData\Roaming\MAGIX
2009-02-07 17:25 . 2009-02-07 17:32 <REP> d-------- c:\users\All Users\MAGIX
2009-02-07 17:25 . 2009-02-07 17:32 <REP> d-------- c:\programdata\MAGIX
2009-02-07 17:25 . 2009-02-07 17:25 <REP> d-------- c:\program files\Common Files\MAGIX Shared
2009-02-07 17:24 . 2007-04-27 09:43 120,200 --a------ c:\windows\System32\DLLDEV32i.dll
2009-02-07 17:23 . 2009-02-10 18:35 <REP> d-------- c:\windows\System32\MAGIX
2009-02-07 17:23 . 2008-04-15 15:14 700,416 --a------ c:\windows\System32\mgxoschk.dll
2009-02-07 17:23 . 2009-02-07 17:26 7,023 --a------ c:\windows\mgxoschk.ini
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 17:23 . 2009-02-21 18:46 <REP> d-------- c:\users\All Users\Google Updater
2009-02-06 17:23 . 2009-02-21 18:46 <REP> d-------- c:\programdata\Google Updater
2009-02-05 22:31 . 2009-02-05 22:31 27 --a------ c:\windows\ip32chk.bin
2009-02-04 17:53 . 2009-02-04 17:53 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-03 19:39 . 2009-02-03 19:50 <REP> d-------- c:\users\Altuner\AppData\Roaming\Notepad++
2009-02-02 19:26 . 2009-02-02 19:26 <REP> d--hs---- c:\windows\ftpcache
2009-01-30 17:59 . 2009-02-04 17:19 <REP> d-------- c:\program files\DkZ Studio
2009-01-30 12:06 . 2009-01-30 12:06 <REP> d-------- c:\program files\JRE
2009-01-30 11:55 . 2009-01-30 11:55 <REP> d-------- c:\users\Altuner\AppData\Roaming\SystemRequirementsLab
2009-01-29 23:11 . 2009-02-21 18:04 <REP> d-a------ c:\users\All Users\TEMP
2009-01-29 23:11 . 2009-02-21 18:04 <REP> d-a------ c:\programdata\TEMP
2009-01-28 20:33 . 2006-05-31 20:25 25,088 --a------ c:\windows\System32\msxml3a.dll
2009-01-27 11:44 . 2009-01-27 11:44 <REP> d-------- c:\users\All Users\Avira
2009-01-27 11:44 . 2009-01-27 11:44 <REP> d-------- c:\programdata\Avira
2009-01-25 23:08 . 2009-02-04 22:39 <REP> d-------- c:\program files\MessengerDiscovery
2009-01-25 18:47 . 2009-01-25 18:47 <REP> d-------- c:\users\Altuner\AppData\Roaming\Desktopicon
2009-01-24 20:50 . 2009-01-24 20:50 <REP> d-------- c:\users\Altuner\AppData\Roaming\RayV
2009-01-24 20:50 . 2009-01-24 20:50 <REP> d-------- c:\program files\RayV
2009-01-24 14:37 . 2009-01-24 14:37 45 ---h----- c:\windows\dsys1006.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 16:04 --------- d-----w c:\program files\Steam
2009-02-22 15:47 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-22 15:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-21 18:17 --------- d-----w c:\users\Altuner\AppData\Roaming\LimeWire
2009-02-21 16:50 --------- d-----w c:\program files\Google
2009-02-19 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 13:51 --------- d-----w c:\users\Altuner\AppData\Roaming\Download Manager
2009-02-17 09:23 --------- d-----w c:\program files\Common Files\Steam
2009-02-12 10:20 --------- d-----w c:\program files\Windows Mail
2009-02-11 19:21 566 ----a-w c:\users\Altuner\AppData\Roaming\wklnhst.dat
2009-02-10 21:49 --------- d-----w c:\program files\Common Files\Adobe
2009-02-06 19:11 --------- d-----w c:\users\Altuner\AppData\Roaming\Dev-Cpp
2009-02-06 17:26 --------- d-----w c:\program files\Picasa2
2009-02-02 17:07 --------- d-----w c:\programdata\Microsoft Help
2009-02-01 11:38 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-30 11:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-27 15:56 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-23 17:23 --------- d-----w c:\program files\Opera
2009-01-21 21:28 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 17:18 --------- d-----w c:\program files\Avira
2009-01-21 11:23 --------- d-----w c:\programdata\TechSmith
2009-01-21 11:23 --------- d-----w c:\program files\TechSmith
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-13 12:59 --------- d-----w c:\users\Altuner\AppData\Roaming\Screaming Bee
2009-01-13 12:59 --------- d-----w c:\programdata\Screaming Bee
2009-01-13 12:59 --------- d-----w c:\program files\Common Files\Screaming Bee
2009-01-03 08:07 81,920 ----a-w c:\windows\System32\frapsvid.dll
2009-01-02 09:25 --------- d-----w c:\programdata\WindowsSearch
2009-01-02 09:14 --------- d-----w c:\programdata\InstallShield
2009-01-01 18:49 --------- d-----w c:\program files\Common Files\INCA Shared
2008-12-29 18:58 --------- d-----w c:\users\Altuner\AppData\Roaming\teamspeak2
2008-12-28 11:20 603,904 ----a-w c:\windows\System32\TUProgSt.exe
2008-12-28 11:20 360,192 ----a-w c:\windows\System32\TuneUpDefragService.exe
2008-12-28 11:20 --------- d-----w c:\program files\TuneUp Utilities 2009
2008-12-25 18:30 --------- d-----w c:\program files\Intel
2008-12-24 22:07 --------- d-----w c:\program files\CCleaner
2008-12-23 16:50 --------- d-----w c:\users\Altuner\AppData\Roaming\Azureus
2008-12-23 16:39 --------- d-----w c:\programdata\Azureus
2008-12-23 13:29 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-23 13:29 --------- d-----w c:\program files\iTunes
2008-12-23 13:28 --------- d-----w c:\programdata\Apple Computer
2008-12-23 13:28 --------- d-----w c:\program files\iPod
2008-12-23 13:28 --------- d-----w c:\program files\Common Files\Apple
2008-12-22 00:06 --------- d-----w c:\users\Altuner\AppData\Roaming\DAEMON Tools Lite
2008-12-16 10:27 993,816 ----a-w c:\windows\System32\igxpun.exe
2008-12-14 15:29 17,140 ----a-w c:\program files\log_cd2.txt
2008-12-11 12:31 27,904 ----a-w c:\windows\System32\uxtuneup.dll
2008-12-11 12:31 17,152 ----a-w c:\windows\System32\authuitu.dll
2008-12-07 08:42 28,756 ----a-w c:\program files\log.txt
2008-12-02 11:49 8,198,680 ----a-w c:\windows\System32\TVWSetup.exe
2008-12-02 11:49 668,696 ----a-w c:\windows\System32\igfxcfg.exe
2008-12-02 11:49 252,952 ----a-w c:\windows\System32\igfxsrvc.exe
2008-12-02 11:49 173,592 ----a-w c:\windows\System32\hkcmd.exe
2008-12-02 11:49 172,568 ----a-w c:\windows\System32\igfxext.exe
2008-12-02 11:49 150,552 ----a-w c:\windows\System32\igfxpers.exe
2008-12-02 11:49 141,848 ----a-w c:\windows\System32\igfxtray.exe
2008-12-02 11:40 155,648 ----a-w c:\windows\System32\igfxCoIn_v1608.dll
2008-12-02 11:33 3,821,568 ----a-w c:\windows\System32\igdumd32.dll
2008-12-02 11:31 1,498,564 ----a-w c:\windows\System32\igkrng400.bin
2008-12-02 11:27 536,576 ----a-w c:\windows\System32\igdumdx32.dll
2008-12-02 11:22 2,580,480 ----a-w c:\windows\System32\igd10umd32.dll
2008-12-02 11:13 4,112,384 ----a-w c:\windows\System32\ig4icd32.dll
2008-12-02 11:13 2,674,688 ----a-w c:\windows\System32\ig4dev32.dll
2008-12-02 11:04 398,336 ----a-w c:\windows\System32\TVWizudlg.exe
2008-12-02 11:03 59,392 ----a-w c:\windows\System32\oemdspif.dll
2008-12-02 11:03 257,536 ----a-w c:\windows\System32\igfxTMM.dll
2008-12-02 11:03 23,552 ----a-w c:\windows\System32\igfxexps.dll
2008-12-02 11:03 200,192 ----a-w c:\windows\System32\igfxpph.dll
2008-12-02 11:03 140,288 ----a-w c:\windows\System32\igfxtvcx.dll
2008-12-02 11:02 94,208 ----a-w c:\windows\System32\hccutils.dll
2008-12-02 11:02 51,712 ----a-w c:\windows\System32\igfxsrvc.dll
2008-12-02 11:02 5,702,656 ----a-w c:\windows\System32\igfxress.dll
2008-12-02 11:02 210,432 ----a-w c:\windows\System32\igfxdev.dll
2008-12-02 11:02 130,048 ----a-w c:\windows\System32\igfxdo.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-10-24 14:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008102420081025\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"recinfo"="c:\recinfo\recinfo.exe" [2008-02-13 52224]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-20 3885408]
"Steam"="c:\program files\steam\steam.exe" [2009-02-16 1410296]
"Google Update"="c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-24 133104]
"SpybotSD TeaTimer"="d:\programmes\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-02 150552]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.speex32"= speex32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=c:\windows\pss\SnagIt 9.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 216520 d:\programmes\DAEMON Tools Lite\daemon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1961205223-498375320-3251691742-1000]
"EnableNotificationsRef"=dword:00000003
"EnableNotifications"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{731544C6-0539-4926-88B7-27BB057BAB48}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2D1118CC-7D3B-4116-967D-0A77446FEE30}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4DD0D956-3FC8-4765-A3CE-0ADE0210043F}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{E76CED31-F116-42CE-BB81-249A0CB7F7DA}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{E1E76D77-6726-49B5-AB1C-DC4ECF4FA1E8}"= UDP:c:\program files\VTFEdit\VTFEdit.exe:VTFEdit
"{2CC324A4-BDBD-4A33-9FD4-C903813D503F}"= TCP:c:\program files\VTFEdit\VTFEdit.exe:VTFEdit
"TCP Query User{705FC956-CAEC-41F0-B6C0-39592FD4CF4E}c:\\program files\\steam\\steamapps\\big_next\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\big_next\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{67ED5832-B898-4F1A-894F-F86FCFC2B14D}c:\\program files\\steam\\steamapps\\big_next\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\big_next\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{6DAB8DBB-85F2-4F9C-86B8-483B9E9DE25D}c:\\program files\\steam\\steamapps\\big_next\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\day of defeat source\hl2.exe:hl2
"UDP Query User{8AA9B7D0-D6A6-404A-9263-2CE928FC7019}c:\\program files\\steam\\steamapps\\big_next\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\day of defeat source\hl2.exe:hl2
"TCP Query User{846D3F01-8CE2-4F62-9C86-B3579CEE217E}c:\\program files\\steam\\steamapps\\big_next\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\source sdk base\hl2.exe:hl2
"UDP Query User{FCF1AFB8-2379-4699-B473-DE7DE199C55E}c:\\program files\\steam\\steamapps\\big_next\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\source sdk base\hl2.exe:hl2
"TCP Query User{339C96CC-6DA2-4868-9311-27C5583C1CB7}c:\\program files\\steam\\steamapps\\big_next\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\insurgency\hl2.exe:hl2
"UDP Query User{86F3CD9F-AB82-4267-B445-DCDD7D6FC40B}c:\\program files\\steam\\steamapps\\big_next\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\insurgency\hl2.exe:hl2
"TCP Query User{42215CC0-84F8-4911-81B9-DEB5DD4BD54C}c:\\program files\\steam\\steamapps\\big_next\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{3CCA4B74-3C25-4F9D-B66E-31A38D46F142}c:\\program files\\steam\\steamapps\\big_next\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{BA998EAE-0F89-4989-8751-1AED81D1C437}c:\\program files\\steam\\steamapps\\big_next\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\big_next\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7CF99DB8-63DA-4EE2-A781-78A41B93A534}c:\\program files\\steam\\steamapps\\big_next\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\big_next\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{92B8BAC5-0ABE-4159-8D89-A2462E779942}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{C5E705CC-EC23-4B72-A4DE-EB3B276B97AE}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{076ABBBE-B1A5-462E-9886-7E391136E858}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{E97B1177-B87F-464E-8CC7-FC56EE44E570}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EC26C6FB-E558-43B7-93EA-E0047D148DB9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{8F403FE3-E2AE-41AF-A11A-230EA9B3ED72}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{3AAAFA9B-9B79-4525-8F2E-6D2F76855005}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{E9E474AF-7DCB-43D9-9C20-6B5994452119}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{7496CE05-86B3-4217-B0BE-C1819C1B5FE6}c:\\program files\\steam\\steamapps\\big_next\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\big_next\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{71AC98F1-C61F-4B81-B7DA-12447CC49595}c:\\program files\\steam\\steamapps\\big_next\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\big_next\dedicated server\hlds.exe:HLDS Launcher
"{9F4529E2-A41A-4009-B794-6381FBA696A3}"= TCP:27015:Serveur CS
"TCP Query User{9B6FBEE3-EC58-4E84-BC5D-80384DEFF03A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{43C43749-78F1-4A71-92E7-8984E7CC93B1}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{4DE28781-AD95-4A3E-BDA0-895834E786B9}"= UDP:d:\programmes\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{57E10B1B-C47D-40A5-B411-E257AA048843}"= TCP:d:\programmes\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{E9240EEC-95F8-4400-8253-78E842D51110}c:\\program files\\steam\\steamapps\\aytac625\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\aytac625\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{0B25262B-5E23-457E-929C-4B068CF0A5BA}c:\\program files\\steam\\steamapps\\aytac625\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\aytac625\condition zero\hl.exe:Half-Life Launcher
"{6AE0CB57-A1F1-44FE-B12F-0A759BD830F0}"= UDP
:\programmes\Shareaza\Shareaza.exe:Shareaza
"{9446BB86-0A4A-4A1E-83D7-84EAC1BBD6B3}"= TCP
:\programmes\Shareaza\Shareaza.exe:Shareaza
"{76FD0032-85EF-44ED-A1C7-505184FFCB8A}"= UDP:6346:LocalSubnet:LocalSubnet:shareazaudp
"{420B0FBE-673D-459D-812C-BD86C686BA24}"= TCP:6346:LocalSubnet:LocalSubnet:shareazaudp
"TCP Query User{A9D8D1B8-522C-4340-B42E-1BE619432AF1}d:\\programmes\\emule\\emule.exe"= UDP
:\programmes\emule\emule.exe:eMule
"UDP Query User{94443ED6-8446-43CA-8F61-2CC7CF66297C}d:\\programmes\\emule\\emule.exe"= TCP
:\programmes\emule\emule.exe:eMule
"TCP Query User{BA8FBA3A-01D3-491F-98DE-BD0A6F164E07}c:\\users\\altuner\\program files\\dna\\btdna.exe"= UDP:c:\users\altuner\program files\dna\btdna.exe:btdna.exe
"UDP Query User{17A1C803-407D-4687-9D9F-09B14596908E}c:\\users\\altuner\\program files\\dna\\btdna.exe"= TCP:c:\users\altuner\program files\dna\btdna.exe:btdna.exe
"{1C11A7D7-5AF6-4F39-8C06-998E08C7C5A3}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)
"{11699A49-650A-4B77-ACD1-A4241F4B649E}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)
"{AC0DE6DC-3F21-4F1E-B628-F32CC3188DDF}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)
"{C7177C46-1360-4DEA-B427-B117199FC82A}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)
"{51037744-C87A-4155-AF2C-8553C9FE9706}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC728603-75C3-4004-A9D2-0F77243EF382}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{719C33A7-7A46-439A-8D50-51494565D225}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)
"{EFE558DA-290A-4A47-B1CB-36DA7E675C56}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)
"{83870AA6-523F-42CF-9CE8-788AC572DC6D}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)
"{C327CDFA-B89F-4FBF-86D8-FC96FD1595D8}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)
"{33236A74-E0EB-4D4F-AC3A-A4ADC761E19E}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)
"{C27482ED-AC13-4049-8188-082C5869FAB6}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)
"TCP Query User{49DCC726-B626-45F9-B423-5E3F3A441B96}d:\\programmes\\neuftalk\\neuf talk.exe"= UDP
:\programmes\neuftalk\neuf talk.exe:neuf Talk
"UDP Query User{C4FAAEAB-7D09-4AE8-9AD7-01E38FBC3D45}d:\\programmes\\neuftalk\\neuf talk.exe"= TCP
:\programmes\neuftalk\neuf talk.exe:neuf Talk
"TCP Query User{0AE71879-FD56-4941-BFDD-49EDEAE9D6CC}c:\\program files\\steam\\steamapps\\big_next\\insurgency dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\big_next\insurgency dedicated server\srcds.exe:srcds
"UDP Query User{933F8F2F-0D12-4EAE-A36E-3B0F211365CA}c:\\program files\\steam\\steamapps\\big_next\\insurgency dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\big_next\insurgency dedicated server\srcds.exe:srcds
"TCP Query User{9E6F3251-836A-4987-96FC-E0859C5A3EB7}c:\\program files\\steam\\steamapps\\big_next\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\big_next\source dedicated server\srcds.exe:srcds
"UDP Query User{FCBC9581-8C4E-4667-B0AE-749CB78FD4DB}c:\\program files\\steam\\steamapps\\big_next\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\big_next\source dedicated server\srcds.exe:srcds
"TCP Query User{46C73FA4-DFF1-4822-92F5-DA4C12795E82}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe
altalkScene
"UDP Query User{E900139D-3C20-4F84-9324-204F871A8EF6}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe
altalkScene
"TCP Query User{BF17E022-725A-4F89-9A2C-38A4ABEAF636}c:\\program files\\steam\\steamapps\\big_next\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\counter-strike source\hl2.exe:hl2
"UDP Query User{DBEE32FF-F04D-49A8-87EE-03F6B9FF5E51}c:\\program files\\steam\\steamapps\\big_next\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\counter-strike source\hl2.exe:hl2
"TCP Query User{BD0304A8-7322-4497-9D25-1DB03D555599}c:\\program files\\steam\\steamapps\\tayfun45\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tayfun45\counter-strike source\hl2.exe:hl2
"UDP Query User{C06F014B-CA73-4CF5-ACA8-FCC808C34FC1}c:\\program files\\steam\\steamapps\\tayfun45\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tayfun45\counter-strike source\hl2.exe:hl2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Programmes\\BitTorrent\\bittorrent.exe"= d:\programmes\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2008-07-02 9867]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-18 603904]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [2006-09-28 21920]
R3 tenCapture;tenCapture;c:\windows\System32\drivers\tenCapture.sys [2007-04-21 9344]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-07-02 118784]
S2 gupdate1c99444803666e7;Service Google Update (gupdate1c99444803666e7);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 SBSDWSCService;SBSD Security Center Service;d:\programmes\Spybot - Search & Destroy\SDWinSec.exe [2009-02-22 1153368]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 ovt530;Webcam Classic;c:\windows\System32\drivers\ov530vid.sys [2008-11-21 161792]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c51bcc9c-a1d8-11dd-bbfe-806e6f6e6963}]
\shell\AutoRun\command - E:\umenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 17:45]
2009-02-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 17:50]
2009-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1961205223-498375320-3251691742-1000.job
- c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 19:08]
2009-02-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]
2009-02-22 c:\windows\Tasks\User_Feed_Synchronization-{643D8D41-70B9-4440-AC4D-D391DCB1C371}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyServer = localhost:8800
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {25D04E0C-3424-4FDB-8825-B02E3888AA20} = 86.64.145.142,84.103.237.142
FF - ProfilePath - c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
1 fichier(s) déplacé(s).
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\users\Altuner\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 17:22:26
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe
Wbutton = c:\program files\Launch Manager\WButton.exe
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-02-22 17:25:04
ComboFix-quarantined-files.txt 2009-02-22 16:25:02
Avant-CF: 1 017 913 344 octets libres
Après-CF: 576,839,680 octets libres
391 --- E O F --- 2009-02-20 09:30:53
"recinfo"="c:\recinfo\recinfo.exe" [2008-02-13 52224]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-20 3885408]
"Steam"="c:\program files\steam\steam.exe" [2009-02-16 1410296]
"Google Update"="c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-24 133104]
"SpybotSD TeaTimer"="d:\programmes\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-02 150552]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.speex32"= speex32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=c:\windows\pss\SnagIt 9.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 216520 d:\programmes\DAEMON Tools Lite\daemon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1961205223-498375320-3251691742-1000]
"EnableNotificationsRef"=dword:00000003
"EnableNotifications"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{731544C6-0539-4926-88B7-27BB057BAB48}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2D1118CC-7D3B-4116-967D-0A77446FEE30}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4DD0D956-3FC8-4765-A3CE-0ADE0210043F}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{E76CED31-F116-42CE-BB81-249A0CB7F7DA}"= TCP:c:\program files\Steam\Steam.exe:Steam
"{E1E76D77-6726-49B5-AB1C-DC4ECF4FA1E8}"= UDP:c:\program files\VTFEdit\VTFEdit.exe:VTFEdit
"{2CC324A4-BDBD-4A33-9FD4-C903813D503F}"= TCP:c:\program files\VTFEdit\VTFEdit.exe:VTFEdit
"TCP Query User{705FC956-CAEC-41F0-B6C0-39592FD4CF4E}c:\\program files\\steam\\steamapps\\big_next\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\big_next\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{67ED5832-B898-4F1A-894F-F86FCFC2B14D}c:\\program files\\steam\\steamapps\\big_next\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\big_next\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{6DAB8DBB-85F2-4F9C-86B8-483B9E9DE25D}c:\\program files\\steam\\steamapps\\big_next\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\day of defeat source\hl2.exe:hl2
"UDP Query User{8AA9B7D0-D6A6-404A-9263-2CE928FC7019}c:\\program files\\steam\\steamapps\\big_next\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\day of defeat source\hl2.exe:hl2
"TCP Query User{846D3F01-8CE2-4F62-9C86-B3579CEE217E}c:\\program files\\steam\\steamapps\\big_next\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\source sdk base\hl2.exe:hl2
"UDP Query User{FCF1AFB8-2379-4699-B473-DE7DE199C55E}c:\\program files\\steam\\steamapps\\big_next\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\source sdk base\hl2.exe:hl2
"TCP Query User{339C96CC-6DA2-4868-9311-27C5583C1CB7}c:\\program files\\steam\\steamapps\\big_next\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\insurgency\hl2.exe:hl2
"UDP Query User{86F3CD9F-AB82-4267-B445-DCDD7D6FC40B}c:\\program files\\steam\\steamapps\\big_next\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\insurgency\hl2.exe:hl2
"TCP Query User{42215CC0-84F8-4911-81B9-DEB5DD4BD54C}c:\\program files\\steam\\steamapps\\big_next\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{3CCA4B74-3C25-4F9D-B66E-31A38D46F142}c:\\program files\\steam\\steamapps\\big_next\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{BA998EAE-0F89-4989-8751-1AED81D1C437}c:\\program files\\steam\\steamapps\\big_next\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\big_next\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7CF99DB8-63DA-4EE2-A781-78A41B93A534}c:\\program files\\steam\\steamapps\\big_next\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\big_next\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{92B8BAC5-0ABE-4159-8D89-A2462E779942}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{C5E705CC-EC23-4B72-A4DE-EB3B276B97AE}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{076ABBBE-B1A5-462E-9886-7E391136E858}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{E97B1177-B87F-464E-8CC7-FC56EE44E570}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EC26C6FB-E558-43B7-93EA-E0047D148DB9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{8F403FE3-E2AE-41AF-A11A-230EA9B3ED72}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{3AAAFA9B-9B79-4525-8F2E-6D2F76855005}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{E9E474AF-7DCB-43D9-9C20-6B5994452119}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{7496CE05-86B3-4217-B0BE-C1819C1B5FE6}c:\\program files\\steam\\steamapps\\big_next\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\big_next\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{71AC98F1-C61F-4B81-B7DA-12447CC49595}c:\\program files\\steam\\steamapps\\big_next\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\big_next\dedicated server\hlds.exe:HLDS Launcher
"{9F4529E2-A41A-4009-B794-6381FBA696A3}"= TCP:27015:Serveur CS
"TCP Query User{9B6FBEE3-EC58-4E84-BC5D-80384DEFF03A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{43C43749-78F1-4A71-92E7-8984E7CC93B1}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{4DE28781-AD95-4A3E-BDA0-895834E786B9}"= UDP
:\programmes\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)"{57E10B1B-C47D-40A5-B411-E257AA048843}"= TCP
:\programmes\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)"TCP Query User{E9240EEC-95F8-4400-8253-78E842D51110}c:\\program files\\steam\\steamapps\\aytac625\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\aytac625\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{0B25262B-5E23-457E-929C-4B068CF0A5BA}c:\\program files\\steam\\steamapps\\aytac625\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\aytac625\condition zero\hl.exe:Half-Life Launcher
"{6AE0CB57-A1F1-44FE-B12F-0A759BD830F0}"= UDP
:\programmes\Shareaza\Shareaza.exe:Shareaza"{9446BB86-0A4A-4A1E-83D7-84EAC1BBD6B3}"= TCP
:\programmes\Shareaza\Shareaza.exe:Shareaza"{76FD0032-85EF-44ED-A1C7-505184FFCB8A}"= UDP:6346:LocalSubnet:LocalSubnet:shareazaudp
"{420B0FBE-673D-459D-812C-BD86C686BA24}"= TCP:6346:LocalSubnet:LocalSubnet:shareazaudp
"TCP Query User{A9D8D1B8-522C-4340-B42E-1BE619432AF1}d:\\programmes\\emule\\emule.exe"= UDP
:\programmes\emule\emule.exe:eMule"UDP Query User{94443ED6-8446-43CA-8F61-2CC7CF66297C}d:\\programmes\\emule\\emule.exe"= TCP
:\programmes\emule\emule.exe:eMule"TCP Query User{BA8FBA3A-01D3-491F-98DE-BD0A6F164E07}c:\\users\\altuner\\program files\\dna\\btdna.exe"= UDP:c:\users\altuner\program files\dna\btdna.exe:btdna.exe
"UDP Query User{17A1C803-407D-4687-9D9F-09B14596908E}c:\\users\\altuner\\program files\\dna\\btdna.exe"= TCP:c:\users\altuner\program files\dna\btdna.exe:btdna.exe
"{1C11A7D7-5AF6-4F39-8C06-998E08C7C5A3}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)"{11699A49-650A-4B77-ACD1-A4241F4B649E}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)"{AC0DE6DC-3F21-4F1E-B628-F32CC3188DDF}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)"{C7177C46-1360-4DEA-B427-B117199FC82A}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)"{51037744-C87A-4155-AF2C-8553C9FE9706}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC728603-75C3-4004-A9D2-0F77243EF382}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{719C33A7-7A46-439A-8D50-51494565D225}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)"{EFE558DA-290A-4A47-B1CB-36DA7E675C56}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)"{83870AA6-523F-42CF-9CE8-788AC572DC6D}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)"{C327CDFA-B89F-4FBF-86D8-FC96FD1595D8}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)"{33236A74-E0EB-4D4F-AC3A-A4ADC761E19E}"= UDP:c:\program files\DNA\btdna.exe
NA (TCP-In)"{C27482ED-AC13-4049-8188-082C5869FAB6}"= TCP:c:\program files\DNA\btdna.exe
NA (UDP-In)"TCP Query User{49DCC726-B626-45F9-B423-5E3F3A441B96}d:\\programmes\\neuftalk\\neuf talk.exe"= UDP
:\programmes\neuftalk\neuf talk.exe:neuf Talk"UDP Query User{C4FAAEAB-7D09-4AE8-9AD7-01E38FBC3D45}d:\\programmes\\neuftalk\\neuf talk.exe"= TCP
:\programmes\neuftalk\neuf talk.exe:neuf Talk"TCP Query User{0AE71879-FD56-4941-BFDD-49EDEAE9D6CC}c:\\program files\\steam\\steamapps\\big_next\\insurgency dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\big_next\insurgency dedicated server\srcds.exe:srcds
"UDP Query User{933F8F2F-0D12-4EAE-A36E-3B0F211365CA}c:\\program files\\steam\\steamapps\\big_next\\insurgency dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\big_next\insurgency dedicated server\srcds.exe:srcds
"TCP Query User{9E6F3251-836A-4987-96FC-E0859C5A3EB7}c:\\program files\\steam\\steamapps\\big_next\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\big_next\source dedicated server\srcds.exe:srcds
"UDP Query User{FCBC9581-8C4E-4667-B0AE-749CB78FD4DB}c:\\program files\\steam\\steamapps\\big_next\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\big_next\source dedicated server\srcds.exe:srcds
"TCP Query User{46C73FA4-DFF1-4822-92F5-DA4C12795E82}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe
altalkScene"UDP Query User{E900139D-3C20-4F84-9324-204F871A8EF6}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe
altalkScene"TCP Query User{BF17E022-725A-4F89-9A2C-38A4ABEAF636}c:\\program files\\steam\\steamapps\\big_next\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\big_next\counter-strike source\hl2.exe:hl2
"UDP Query User{DBEE32FF-F04D-49A8-87EE-03F6B9FF5E51}c:\\program files\\steam\\steamapps\\big_next\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\big_next\counter-strike source\hl2.exe:hl2
"TCP Query User{BD0304A8-7322-4497-9D25-1DB03D555599}c:\\program files\\steam\\steamapps\\tayfun45\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tayfun45\counter-strike source\hl2.exe:hl2
"UDP Query User{C06F014B-CA73-4CF5-ACA8-FCC808C34FC1}c:\\program files\\steam\\steamapps\\tayfun45\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tayfun45\counter-strike source\hl2.exe:hl2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Programmes\\BitTorrent\\bittorrent.exe"= d:\programmes\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2008-07-02 9867]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-18 603904]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [2006-09-28 21920]
R3 tenCapture;tenCapture;c:\windows\System32\drivers\tenCapture.sys [2007-04-21 9344]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-07-02 118784]
S2 gupdate1c99444803666e7;Service Google Update (gupdate1c99444803666e7);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 SBSDWSCService;SBSD Security Center Service;d:\programmes\Spybot - Search & Destroy\SDWinSec.exe [2009-02-22 1153368]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 ovt530;Webcam Classic;c:\windows\System32\drivers\ov530vid.sys [2008-11-21 161792]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c51bcc9c-a1d8-11dd-bbfe-806e6f6e6963}]
\shell\AutoRun\command - E:\umenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 17:45]
2009-02-22 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 17:50]
2009-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1961205223-498375320-3251691742-1000.job
- c:\users\Altuner\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 19:08]
2009-02-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]
2009-02-22 c:\windows\Tasks\User_Feed_Synchronization-{643D8D41-70B9-4440-AC4D-D391DCB1C371}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 11:01]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uInternet Settings,ProxyServer = localhost:8800
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {25D04E0C-3424-4FDB-8825-B02E3888AA20} = 86.64.145.142,84.103.237.142
FF - ProfilePath - c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
1 fichier(s) déplacé(s).
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\users\Altuner\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Altuner\AppData\Roaming\Mozilla\Firefox\Profiles\ddf0gmn1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 17:22:26
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe
Wbutton = c:\program files\Launch Manager\WButton.exe
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-02-22 17:25:04
ComboFix-quarantined-files.txt 2009-02-22 16:25:02
Avant-CF: 1 017 913 344 octets libres
Après-CF: 576,839,680 octets libres
391 --- E O F --- 2009-02-20 09:30:53
Hello,
First of all, thanks Angeldark for replying. No, I clicked too fast on "Quarantine" (a reflex)... But wait! If it's in quarantine, I can get the location where it is...
PS: Damn, today I uninstalled AntiVir to get BitDefender, which caused me enormous problems, then I went back to AntiVir, but no more quarantine.
If they are in quarantine, that's fine.
Select the entire frame below:

Folder::
c:\recinfo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo"=-
"SpybotSD TeaTimer"=-

Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it on your desktop under the name CFScript.txt.
Now drag the CFScript.txt file onto ComboFix.exe.
This will relaunch ComboFix.
You will have to accept the licence.
Post the contents of the ComboFix.txt report after the reboot, if there is one.
The report is here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed, usually C:\).
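As an added example (not code from the thread or from ComboFix), a small Python script that pulls the Run-key entries out of a ComboFix log excerpt like the one above, flags programs that start from an unusual location (the c:\recinfo entry the helper targets, rather than Program Files or Windows) and writes the matching CFScript stanza in the format used above. The sample excerpt, the EXPECTED_ROOTS list and the location heuristic are this example's own.

```python
"""Triage the 'Run' load points of a ComboFix log and build a CFScript stanza."""
import re
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the ComboFix "Points de chargement Reg" section:
# a [hive\...\Run] header followed by "name"="path" [date size] entries.
# ComboFix prints where it resolved a bare file name inside the brackets.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"recinfo"="c:\recinfo\recinfo.exe" [2008-02-13 52224]
"Steam"="c:\program files\steam\steam.exe" [2009-02-16 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?$')

# Heuristic (this example's assumption): directories an installer normally
# writes a startup program into. Anything else is worth a reviewer's look.
EXPECTED_ROOTS = ("c:\\program files", "c:\\windows", "c:\\users", "d:\\programmes")


def parse_run_keys(text):
    """Return (key, value name, program path) for every value under a ...\\Run key.
    Keys ending in 'run-' hold entries MSConfig disabled and are skipped."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1) if m.group(1).lower().endswith("\\run") else None
            continue
        m = VAL_RE.match(line)
        if key and m:
            name, path, extra = m.groups()
            # Bare name such as "RtHDVCpl.exe": use the location ComboFix resolved.
            if "\\" not in path and extra and "\\" in extra:
                path = extra.split(" ", 1)[1]
            entries.append((key, name, path))
    return entries


def flag_entries(entries):
    """Entries whose program lives outside EXPECTED_ROOTS (e.g. c:\\recinfo)."""
    return [e for e in entries if not e[2].lower().startswith(EXPECTED_ROOTS)]


def build_cfscript(entries, names):
    """CFScript text deleting the named Run values ("name"=-) and, when the
    program sits outside EXPECTED_ROOTS, its folder (Folder::). The reviewer
    chooses the names; nothing is removed automatically."""
    by_name = {n: (k, p) for k, n, p in entries}
    folders, keys = [], {}
    for n in names:
        k, p = by_name[n]
        folder = str(PureWindowsPath(p).parent)
        if not folder.lower().startswith(EXPECTED_ROOTS) and folder not in folders:
            folders.append(folder)
        keys.setdefault(k, []).append(n)
    lines = ["Folder::", *folders, "", "Registry::"]
    for k, ns in keys.items():
        lines.append(f"[{k}]")
        lines.extend(f'"{n}"=-' for n in ns)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_run_keys(SAMPLE_LOG)
    for key, name, path in flag_entries(found):
        print(f"review: {name} -> {path}  ({key})")
    print(build_cfscript(found, [n for _, n, _ in flag_entries(found)]))
```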